Ethereum Foundation researcher: Quantum cryptography breakthrough is 5 years faster than expected; migration must be completed by 2029.

Summary

  • Google's Quantum AI team achieved a 10x efficiency boost in Shor's algorithm for elliptic curves, targeting the secp256k1 curve used by Bitcoin and Ethereum, raising alarms for blockchain security.
  • Core optimizations were kept secret via zero-knowledge proofs, sparking controversy; however, French researchers independently reproduced the algorithm, and an open-source challenge broke world records.
  • Neutral-atom quantum technology reduces required physical qubits to just 10,000, potentially accelerating Q-Day, with Google establishing a dedicated lab.
  • Ethereum researcher estimates a 50% chance of Q-Day by 2032 and 10% by 2030; the U.S. official timeline of 2035 is seen as outdated.
  • Ethereum plans to complete post-quantum migration by 2029, covering consensus, data, and execution layers, with tools like leanVM and million-dollar bounty programs in place.

Written by: Justin Drake, Ethereum Foundation Researcher

Compiled by: Chopper, Foresight News

On March 31, Google's Quantum AI team published a landmark result on Shor's algorithm for elliptic curve cryptography. From a technical perspective, this paper represents a major breakthrough: compared to the previous optimal solution, the algorithm's efficiency is improved by a full 10 times. The team used the secp256k1 elliptic curve, the curve underlying Bitcoin and Ethereum signatures, to perform the optimization calculations. This serves as both a technical demonstration and a wake-up call for the blockchain industry.

However, the most intriguing aspect of this paper lies not in its technical aspects, but in its implications for industry regulations. The research team deviated from the conventional academic publishing process, keeping core optimization details entirely confidential. They used only zero-knowledge proofs (ZK) to demonstrate the validity of the optimization scheme without revealing any technical details. A Google blog post mentioned that they liaised with US government departments during the project. Using zero-knowledge proofs to control academic content is unprecedented in global academic history.

As one of the co-authors of this paper, I personally witnessed the events leading up to and following this restricted publication. Frankly, many details of the whole affair are difficult for me to accept. I firmly believe the public should have access to relevant information, but due to objective limitations, the inside story could not be disclosed. However, one point must be made clear: the Google team's professionalism and rigor throughout the process deserve recognition and praise.

Deliberately controlling information often backfires, and the "Streisand effect" (the more something is deliberately concealed, the more attention it attracts) is now playing out: Google's tightly guarded core optimization algorithm has been replicated by French researchers. Even more surprisingly, an open-source challenge to crack Shor's algorithm through nationwide collaboration has officially launched, and the official website ecdsa.fail broke the world record for Shor's algorithm optimization within just a few hours of its launch.

The algorithm was independently reproduced, and open-source challenges flourished everywhere.

Just two months after Google's paper was published, French quantum mechanics expert André Schrottenloher has been the first to decipher the core optimization logic. His paper, titled "Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms," was officially published today on the preprint website arXiv. Congratulations to André for taking the lead among top scholars researching this topic. Also published today, Craig Gidney, a leading authority in algorithm optimization, revealed that due to regulatory restrictions, he had held onto this optimization approach for a full year but was unable to publish it publicly.

While André's research replicated the main framework, it didn't cover all the subtle optimizations in Google's original version and subsequent iterations. Shor's algorithm still has significant untapped optimization potential, which is precisely the reason for the ecdsa.fail challenge. The verification procedure previously used for zero-knowledge proof validation was reused to automatically select effective optimization solutions. Currently, developers worldwide are continuously submitting detailed improvements, using the product of the number of logical qubits and the number of Toffoli gates as the benchmark. The entire circuit achieves an 8.4% efficiency improvement compared to Google's original version.

The number of participants in this research boom far exceeded industry expectations, extending beyond just top academics. Over the past few weeks, a large number of amateur enthusiasts have been inspired to emulate the independent research approach proposed by Karpathy (a leading global AI scientist and founding member of OpenAI), using artificial intelligence to iteratively optimize Shor's algorithm. Ironically, the verification program originally designed for ZK proofs has become the reward criterion for AI iterations. This new research model has an extremely low barrier to entry, with many non-professionals and even teenagers submitting high-quality optimization solutions.

With the entry of neutral atom quantum technology into the market, industry insiders predict that Quantum Day may arrive before 2032.

The story doesn't end with Google. On the same day that Google released its paper, privacy startup Oratomic also published a paper on its self-developed Shor algorithm, which immediately topped the list of most popular papers on the academic grading website scirate.com.

Oratomic's conclusion is astonishing: based on Google's logic layer optimizations and combined with its self-developed neutral atom physics architecture optimizations, only 10,000 physical qubits are needed to run Shor's algorithm and crack the secp256k1 cipher – a number so low it overturns industry expectations.

When I first encountered the Oratomic paper, I knew nothing about neutral atom technology. Out of curiosity, I dedicated hundreds of hours to in-depth research, watching numerous online science videos and interviewing several industry experts. My final conclusion is that neutral atom quantum technology is truly feasible and its practical application is promising. Google's recent establishment of a new neutral atom quantum laboratory, a departure from its previous focus solely on superconducting quantum technology, is the best proof of this. If you follow Q-Day (the point in time when quantum computers crack commercial cryptography), the neutral atom approach cannot be ignored.

Interestingly, both Google and Oratomic's groundbreaking papers avoided mentioning the actual impact of their findings on Q-Day, offering no predictions on any timeframes. However, the core purpose of white-hat cryptanalysis is precisely to assess quantum cryptography breaking cycles and help the industry plan ahead, making this silence particularly unusual.

Based on Scott Aaronson's post on April 29, and combined with publicly available information and undisclosed classified intelligence, I estimate that there is a 50% probability of Q-Day occurring before 2032, and a 10% probability of it taking place before 2030.

In contrast, the official timeline used by the US National Security Agency (NSA) and the National Institute of Standards and Technology (NIST) is 2035, by which time US government agencies will prohibit the continued use of quantum-vulnerable cryptographic systems. In hindsight, this projection is severely out of sync with technological development, rendering it essentially useless. NIST will likely be forced to significantly advance its deadline in the future.

Post-quantum migration: Ethereum plans to complete it in 2029.

While we need to be wary of quantum risks, there's no need to panic. Hastily implementing an immature post-quantum cryptography system could actually create security vulnerabilities. In my view, 2029 is a safe window for migration, approximately three and a half years from now. Google, Cloudflare, and the Ethereum Foundation have all chosen the same timeframe.

Currently, most of my work involves collaborating with the Ethereum lightweight upgrade project to smoothly migrate the entire Ethereum blockchain to post-quantum cryptography. This transformation is extensive: the consensus layer's BLS signatures, the data layer's KZG commitments, and the execution layer's ECDSA signatures all need to be replaced. The entire upgrade solution is built upon a hash cryptography system, making it highly feasible.
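To illustrate what a signature "built upon a hash cryptography system" looks like, the following is an added example (not from the article and not Ethereum's code) of a Winternitz one-time signature whose security rests only on SHA-256, with no elliptic curve for Shor's algorithm to attack. The parameters, function names and seed-based key generation are assumptions chosen for illustration; the article does not say which hash-based scheme the migration uses.

```python
import hashlib

W = 16            # Winternitz parameter: each hash chain has W - 1 steps
MSG_DIGITS = 64   # a SHA-256 digest written as 64 base-16 digits
CSUM_DIGITS = 3   # largest checksum is 64 * 15 = 960, which fits in 3 digits
CHAINS = MSG_DIGITS + CSUM_DIGITS

def H(data):
    return hashlib.sha256(data).digest()

def chain(value, start, steps, idx):
    # Walk one hash chain from position `start` for `steps` steps.
    # Chain index and position are mixed in as domain separators.
    for pos in range(start, start + steps):
        value = H(bytes([idx, pos]) + value)
    return value

def digits(message):
    d = [n for byte in H(message) for n in (byte >> 4, byte & 0x0F)]
    # Checksum: raising any message digit lowers the checksum, so a forger
    # who can only hash forward cannot adapt a signature to a new message.
    csum = sum(W - 1 - x for x in d)
    return d + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]

def keygen(seed):
    # Assumption: secret chain starts are derived from a seed (illustration only).
    sk = [H(seed + bytes([i])) for i in range(CHAINS)]
    pk = H(b"".join(chain(s, 0, W - 1, i) for i, s in enumerate(sk)))
    return sk, pk

def sign(sk, message):
    # Reveal, for each digit d, the chain value after d hash steps.
    return [chain(s, 0, d, i) for i, (s, d) in enumerate(zip(sk, digits(message)))]

def verify(pk, message, sig):
    if len(sig) != CHAINS:
        return False
    # Finish every chain; the ends must hash to the public key.
    ends = [chain(s, d, W - 1 - d, i)
            for i, (s, d) in enumerate(zip(sig, digits(message)))]
    return H(b"".join(ends)) == pk

if __name__ == "__main__":
    sk, pk = keygen(b"constructed demo seed")
    sig = sign(sk, b"constructed sample message")
    print(verify(pk, b"constructed sample message", sig), len(sig) * 32, "bytes")
```

Each key pair may sign only one message, because a second signature reveals further chain values; practical schemes such as XMSS place many one-time keys under a Merkle tree. The signature here is 67 hashes of 32 bytes, far larger than an ECDSA signature, which is the main cost of this kind of migration.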

Within the Ethereum Foundation, we developed a tool called leanVM, powered by hash-based SNARKs. Thanks to the exceptional work of Emile, Thomas, and others, its performance is fully guaranteed. In terms of security, leanVM is a gem; it's a minimalist zkVM designed specifically for end-to-end formal verification and maximum security. Want to contribute? There are currently two $1 million initiatives. First is the Proximity Prize, offering a $1 million prize for solving a long-standing mathematical conjecture in coding theory and improving hash-based SNARKs. Second is the Poseidon Initiative, offering a $1 million prize for cracking Poseidon (a SNARK-friendly hash function).


Author: Foresight News
